Linux RPM — Creation and Signing
####################################
RPM COMMANDS:
Install a package:
$ sudo rpm -ivh ~/rpmbuild/RPMS/noarch/hello-0.0.1–1.el8.noarch.rpm
Install a package Relocatable Package:
rpm -ivh — prefix=/opt rsync-2.5.7–5.3E.i386.rpm
Query a package:
$ rpm -qpi package.rpm
$ less package.rpm
$ rpm -qpivl — changelog — nomanifest /root/rpmbuild/RPMS/x86_64/hello-world-1.0.0–1.x86_64.rpm
// check if package is installed correctly
$ rpm -qi hello
// show changelog section
$ rpm -q hello — changelog
// list package files
$ rpm -ql hello.
Uninstall a package:
$ sudo rpm — verbose — erase hello
####################################
RPM SIGNATURE RELATED COMMANDS
####################################
Verify a package
$ rpm -K epel-release-latest-8.noarch.rpm
epel-release-latest-8.noarch.rpm: digests SIGNATURES NOT OK
import a new GPG public key
$ rpm — import RPM-GPG-KEY-EPEL-8
Query for an installed gpg key
$ rpm -qa gpg-pubkey*
gpg-pubkey-7fac5991–4615767f
gpg-pubkey-2f86d6a1–5cf7cefb
Get details about a key
$ rpm -qi gpg-pubkey-2f86d6a1–5cf7cefb
remove a key
$ sudo rpm -e gpg-pubkey-2f86d6a1–5cf7cefb
Sign a package using gpg key
$rpm — addsign test-1–0.x86_64.rpm
Check the signature in rpm
$rpm — checksig test-1–0.x86_64.rpm
Installed package:
rpm -qa — qf ‘%{NAME}-%{VERSION}-%{RELEASE} %{SIGPGP:pgpsig} %{SIGGPG:pgpsig}\n’
$ rpm -K hp/mlnx-en-utils-2.2–1.0.7.0.g0055740.rhel6u4.x86_64.rpm
hp/mlnx-en-utils-2.2–1.0.7.0.g0055740.rhel6u4.x86_64.rpm: rsa sha1 (md5) pgp md5 OK
Not Installed package:
rpm -q — qf ‘%{NAME}-%{VERSION}-%{RELEASE} %{SIGPGP:pgpsig} %{SIGGPG:pgpsig}\n’ — p packagename.rpm
$ rpm -q — qf ‘%{NAME}-%{VERSION}-%{RELEASE} %{SIGPGP:pgpsig} %{SIGGPG:pgpsig}\n’ -p hp/mlnx-en-utils-2.21.0.7.0.g0055740.rhel6u4.x86_64.rpm
mlnx-en-utils-2.2–1.0.7.0.g0055740.rhel6u4 RSA/SHA1, Tue Apr 14 12:34:51 2015, Key ID fadd8d64b1275ea3 (none)
List all the GPG keys in your RPM DB:
$ rpm -qa gpg-pubkey*
…
…
gpg-pubkey-b1275ea3–546d1808
…
…
Query the keys (obtained from rpm -qa command)
$ rpm -qi gpg-pubkey-b1275ea3–546d1808
####################################
GPG COMMANDS
####################################
Create New public private keypair
$ gpg — gen-key
$ gpg — full-generate-key
Editing a GPG key
$ gpg — edit-key bestuser@example.com
Extract the public key of a GPG Key
$ gpg — export — armor — output bestuser-gpg.pub. foo@bar.com
$ gpg — export -a ‘Package Manager’ > RPM-GPG-KEY-pmanager
Get public key fingerprint
$ gpg — fingerprint
List the gpg keys
$ gpg — list-keys
$ gpg — list-sigs
import a new GPG public key
$ gpg — import key.gpg
Move private GPG keys to another machine
https://stackoverflow.com/questions/3174537/how-to-transfer-pgp-private-key-to-another-computer
####################################
RPM BUILD COMMANDS
####################################
$ sudo yum install -y rpm-build rpmdevtools rpmlint
$ rpmdev-setuptree
Or Manually create it:
$ mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS,tmp}
Place the script in the designated directory
$ mkdir hello-0.0.1
$ mv hello.sh hello-0.0.1
$ tar — create — file hello-0.0.1.tar.gz hello-0.0.1
$ mv hello-0.0.1.tar.gz SOURCES
Create a .spec file
$ rpmdev-newspec hello
$ rpm — eval ‘%{_bindir}’
$ rpmlint ~/rpmbuild/SPECS/hello.spec
$ rpmbuild -bb~/rpmbuild/SPECS/hello.spec
Verify the created package:
rpm -qpivl — changelog — nomanifest /root/rpmbuild/RPMS/x86_64/hello-world-1.0.0–1.x86_64.rpm